CVE-2006-6899
Published: 2006-12-31
Priority P432 · medium · 5.4 · CVSS 2.0
AV:A/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.22% (86.6th percentile)
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bluez_project | bluez | <= 2.24 | — |
CVSS provenance
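| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.4 | MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.4 | MEDIUM | — |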
Ubuntu
BlueZ vulnerability
vendor_ubuntu·2007-01-24
Summary: BlueZ vulnerability
A flaw was discovered in the HID daemon of bluez-utils. A remote
attacker could gain control of the mouse and keyboard if hidd was
enabled. This does not affect a default Ubuntu installation, since hidd
is normally disabled.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
security flaw
vendor_redhat·2006-12-28·CVSS 5.4
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
GHSA
GHSA-3c54-jw9j-cwjh: hidd in BlueZ (bluez-utils) before 2
ghsa_unreviewed·2022-05-01
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
No detection rules found.
Bugzilla
CVE-2006-6899 security flaw
bugzilla·2018-08-16·CVSS 5.4
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Bugzilla
CVE-2006-6899 Bluetooth HID key events injection flaw
bugzilla·2007-02-02·CVSS 5.4
The hidd allows remote attackers to inject keyboard or mouse events via
unprotected L2CAP PSM 17 and 19. All versions before bluez-utils-2.23 are
affected. The hidd service must be activated to exploit this vulnerability.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0065.html
References
http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf
http://mulliner.org/bluetooth/hidattack.php
http://osvdb.org/32830
http://secunia.com/advisories/23747
http://secunia.com/advisories/23798
http://secunia.com/advisories/23879
http://secunia.com/advisories/25264
http://www.mandriva.com/security/advisories?name=MDKSA-2007:014
http://www.redhat.com/support/errata/RHSA-2007-0065.html
http://www.securityfocus.com/archive/1/455889/100/0/threaded
http://www.securityfocus.com/bid/22076
http://www.ubuntu.com/usn/usn-413-1
http://www.vupen.com/english/advisories/2007/0200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208